Last updated: April 6, 2026
DeltaLift is a fitness tracking app built in Sweden. When this policy says "we" or "us", it means DeltaLift. If you need to reach us, email support@deltalift.cc. DeltaLift is the data controller for everything described below.
When you create an account, we store your email, password, display name, and gender. The email and password are only used to sign you in through Supabase Auth. Your display name and gender are used during onboarding so we can pick the right heatmap model and calculate strength rankings correctly.
The core of DeltaLift is health and fitness data. That means the exercises, sets, reps, and weights you log, your body weight, height, body fat percentage, and any body measurements you choose to enter. We use this data to generate your muscle heatmaps, calculate your strength rankings from Iron to Radiant, and build your 1RM progression charts over time. Without it, the app wouldn't have much to show you.
If you use the social features, we also store your friend connections, showcase info, blog posts, and profile picture. Your name, avatar, workout activity, blogs, and showcase are visible to friends you've accepted. Nobody else can see them.
We don't collect your location. We don't run advertising trackers or analytics SDKs. We don't sell or share your data with anyone for marketing. We only access your photo library if you choose to upload a profile picture. We do not access your contacts, microphone, or precise GPS location.
Everything you log is saved in local storage on your device. The app works fully offline and your data is always available regardless of internet access.
If you create an account, your data also syncs to Supabase, which hosts our cloud infrastructure on servers within the European Union. All traffic between your device and Supabase is encrypted with HTTPS/TLS, and row-level security policies make sure you can only access your own data. We don't transfer personal data outside the EEA unless a third-party service requires it, and only with appropriate safeguards like Standard Contractual Clauses.
Payment processing is handled by Google Play. While our database is in the EU, your billing information is processed by Google under their own privacy standards.
Your local data stays on your device until you uninstall the app or sign out. Cloud data stays as long as your account is active.
When you delete your account, we permanently remove everything from our servers within 48 hours. That includes workout logs, personal records, body metrics, profile info, blog posts, and friend connections. All of it. You can still use the app offline after that. There are three ways to delete your account: through the app (Profile → Settings → Delete Account), through our web deletion page, or by emailing support@deltalift.cc.
Since we're based in the EU, GDPR applies. Here's what that means for you in plain terms:
Access — You can ask us for a copy of everything we have on you. Most of it is already visible in the app.
Correction — If something's wrong, you can fix it in the app or ask us to correct it.
Deletion (Right to be Forgotten) — You can ask us to wipe all your data. We'll do it within 48 hours. Delete your account in the app, use the deletion page, or email us.
Data portability — You have the right to get your data in a machine-readable format. Email support@deltalift.cc and we'll send you a JSON export within 30 days.
Restrict or object to processing — You can ask us to limit what we do with your data or object to processing entirely.
Complaints — If you think we're handling your data wrong, you can file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or your local data protection authority.
We process your data under three GDPR grounds. Most of it falls under contract (Art. 6(1)(b)) — we need your workout data and body metrics to actually provide the service you signed up for. Optional features like profile pictures, blogs, and friend connections fall under consent (Art. 6(1)(a)). Security and abuse prevention fall under legitimate interest (Art. 6(1)(f)).
We use Supabase for authentication, database hosting, and file storage. They process data in the EU and are GDPR-compliant. You can read their privacy policy here. We also distribute the app through Google Play, which handles subscription payments. Google processes payment data under their own privacy policy.
DeltaLift is not designed for children under 16. We don't knowingly collect data from anyone under that age. If you believe a minor has created an account, contact us and we'll remove it.
If we update this policy, we'll post the changes here and update the date at the top. For anything significant, we'll also notify you in the app. Continuing to use DeltaLift after a change means you accept the updated policy.
Questions about privacy or your data rights: support@deltalift.cc